class LoginController < ApplicationController  
  layout "admin", :except=>[:need_admin,:need_manager]
  
  before_filter :authorize_admin, :except => [:login, :logout, :password, :need_admin, :need_manager]
    
  def add_user
    @user = User.new(params[:user])
    if request.post? and @user.save
      flash[:notice] = "User #{@user.name} created"
      @user = User.new
    end
  end

  def login
    session[:user_id] = nil
    if request.post?
      user = User.authenticate(params[:name], params[:password])
      if user
        session[:user_id] = user.id
        #cookies[:user_id] = user.id.to_s
        cookies[:user_id] = { :value => user.id.to_s, :expires => Time.now + 7.day}
        redirect_to( :controller => "dashboard", :action => "index")
      else 
        flash[:notice] = "Invalid username/password."
      end
    end    
  end

  def logout    
    session[:user_id] = nil
    session[:date] = nil
    cookies.delete :user_id
    flash[:notice] = "logged out"
    redirect_to(:action => "login")
  end

  def index
    @total_users = User.count
  end

  def delete_user
    if request.post?
      user = User.find(params[:id])
      begin
        user.destroy
        flash[:notice] = "User #{user.name} deleted."
      rescue Exception => e
        flash[:notice] = e.message
     end
    end
    redirect_to(:action => :list_users)
  end
  
  def edit_user
    @user = User.find(params[:id])          
  end
  
  def list_users
    @all_users = User.find(:all)
  end

  def password
    if request.post?
      user = User.find(session[:user_id])      
      if user
        if !User.authenticate(user.name, params[:old_password])
          flash[:notice] = "Invalid password. "
        else 
          if params[:password] != params[:password_confirmation]
            flash[:notice] = "Invalid password confirmation. "
          else 
            user.password = params[:password]
            if user.save
              flash[:notice] = "Password modified! "
              redirect_to( :controller => "dashboard", :action => "index")
            end
          end
        end 
        
      else 
        flash[:notice] = "Invalid user."
        redirect_to( :controller => "login", :action => "login")
      end
    end    
  end
  
  def update
    @user = User.find(params[:id])
    if @user.update_attributes(params[:user])
      flash[:notice] = 'User was successfully updated.'      
      redirect_to :action => 'list_users'
    else
      render :action => 'edit'
    end
  end

  def edit_user_roles
    @user = User.find(params[:id])
    @all_roles = Role.find(:all)
  end

  def update_roles
    @user = User.find(params[:id])
    if params[:user]
      params[:user][:role_ids] ||= []
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User was successfully updated.'      
        redirect_to :action => 'list_users'
      else
        render :action => 'edit_user_roles'
      end
    else      
      @user.roles.delete_all
      flash[:notice] = 'User was successfully updated.'      
      redirect_to :action => 'list_users'
    end
  end

end